Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

AoN Sylent...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 05:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AoN Sylenth1 v2.2.1 Installer.exe

  • Size

    40.5MB

  • MD5

    fc0fe3b2d929fab240aa06cdb33315cf

  • SHA1

    165ef57fa4dc4e6b90aaffc9560beae647abb041

  • SHA256

    f7dba59dac37840c22c2f64acc9f465a65a0c196a6cff547f0abe85f0b014d42

  • SHA512

    69528308cf2d9da500a9915ceefecee78073ead9441d68b2f0cad1d6614d4d8e92ca8d63d85963866b99e101814a5f3a6c14df86c95165aa125c721f694165c4

  • SSDEEP

    786432:PRoZlfbGbUupjW/s4IOKo+G5D7jfJoGmMU4NSGvNB6Qywu+P6mc:i6rW97j+G5D7jfJoG0Gr6QDuSc

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AoN Sylenth1 v2.2.1 Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\AoN Sylenth1 v2.2.1 Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\is-5SH39.tmp\AoN Sylenth1 v2.2.1 Installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5SH39.tmp\AoN Sylenth1 v2.2.1 Installer.tmp" /SL5="$C005E,42118464,410112,C:\Users\Admin\AppData\Local\Temp\AoN Sylenth1 v2.2.1 Installer.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4368
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lennar Digital Sylenth1 v2.2.1\ReadMe.txt
        3⤵
          PID:2560
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4c4
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3988

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\VST Plugins\Sylenth1\is-6AH3R.tmp
      Filesize

      504KB

      MD5

      febbe3f609ac8dea0a707a2193f77253

      SHA1

      ddec2e751f12c01a6c473695f78edbccaef8626c

      SHA256

      3435215e42e6c74b8373750365a815d57eccdd295037bb6c1df80259b997f3c6

      SHA512

      fade1df1fd19bb5f8b573c1353b299c7b63d220aeee75b98c0d09044443ac66439ecdea4169bd28202a779d5c3f717c1a603c6e495b48b7fcd29d76e2b86e16c

      Download Submit

    • C:\Program Files\VST Plugins\Sylenth1\is-FD1BR.tmp
      Filesize

      504KB

      MD5

      8554a04c30b2b44c952fb39a5804d6df

      SHA1

      f8aec607d1bd515a05c302d4f77f09caf9552cf0

      SHA256

      3dbc797117fc7b5fc571c7cb7b9412d6c2e45770d350879d4d12ccccfa1218bb

      SHA512

      7c6680545737f6ef9135c635da086cd1ce1475e0356bc1a85747469554766edaf1aa10f02ed1fbbd363caea9ee363d3164f09907da5fc68d50cdf6cb5e34c96d

      Download Submit

    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lennar Digital Sylenth1 v2.2.1\ReadMe.txt
      Filesize

      64KB

      MD5

      dbbde57d782da3821446b998d37ac702

      SHA1

      305d6ab41572e9b07723ff59d5ae3be4ce28a2ea

      SHA256

      8619795a9898317d819e0a9d6581964717876ce4423509685f67c54f2d109d99

      SHA512

      27ee7b6ed3b1ca57760882a9c6be09b29c164382484cca334ded5b88eb75a18df8e0678ada828ef4781726defc0fe6489b6543595f575ed1e442c50e013bcb25

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-5SH39.tmp\AoN Sylenth1 v2.2.1 Installer.tmp
      Filesize

      708KB

      MD5

      d9a3c80228901e130cf149acd355933e

      SHA1

      ae046990b4d43a774c03ee29a3caf26a3d6bb309

      SHA256

      42fa0493ae2ce52279d856ee9f770e4ed67cab732a9172080fe315a98286bdf8

      SHA512

      05b3de381574f6a793c894f3d8614b4247268b75ebbaba18050690f67fc9bf5f4301b59d281b1d1503e45f8a606448b6a6ff21faf8a2941ca87619ddb4d5f540

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-5SH39.tmp\AoN Sylenth1 v2.2.1 Installer.tmp
      Filesize

      1.0MB

      MD5

      a4af8f6006d695f3ee18ba09ab05b29f

      SHA1

      10e6a3db7013604a20de433e616eff8d51e804a5

      SHA256

      555c51ea7cab4a88e112b3ed4f03c2e073741fda94c683606545f712b8e6469a

      SHA512

      bea89e5258043d4095cf2c717cacbb0fecd96823a0feb1afc1db377aa8c1b44cee2537a441d012fc3f9f3477c0f4b115eb2cd7b51bdd1100000d16423f470648

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-QQLGJ.tmp\Style.cjstyles
      Filesize

      728KB

      MD5

      04915d39840c9406d1e9347c0eafd7b7

      SHA1

      435056f42e1e18e187d4abbb6d755c1a4f309f6d

      SHA256

      cc26d305824288a1c43c1c35cf8f456c5b19effaa39475f5179d372c4a06eef5

      SHA512

      677476971f40c8f4cc8bd67a9929e21d93802c376ab67670f5a4e9760339796cf872644920d26118631c44857ac254aaf62b0d3fbc7d04ddd30cb04d99f80185

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-QQLGJ.tmp\bass.dll
      Filesize

      101KB

      MD5

      40556d35a0fe6c7aa37e1c01b43ad333

      SHA1

      fc0412a134195fe0929f6967e2ba57081aaa5d77

      SHA256

      34d8e73b4fbd8d80388a2af257c1db3e88fe79b206deab4f7cd365e31ccce93b

      SHA512

      9f6b42f45f03b955d964f3adcbdc7c8b9d2abd7338f5814606e185ede849a6ee72cfd0b1e261ccc0aa6924fcdf357339452057ae53a009b567ab331b9cb37bbf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-QQLGJ.tmp\isskin.dll
      Filesize

      385KB

      MD5

      92c2e247392e0e02261dea67e1bb1a5e

      SHA1

      db72fed8771364bf8039b2bc83ed01dda2908554

      SHA256

      25fdb94e386f8a41f10aba00ed092a91b878339f8e256a7252b11169122b0a68

      SHA512

      e938d2a1870ccb437d818b5301e6ecffaa6efbf4f0122e1a1ae0981057d7d0376039ea927c6fd326456da2d6904803fca26b87245367a4c5de2aebc47bdcd4b5

      Download Submit

    • memory/2208-0-0x0000000000400000-0x000000000046B000-memory.dmp

      Filesize

      428KB

      Download

    • memory/2208-3369-0x0000000000400000-0x000000000046B000-memory.dmp

      Filesize

      428KB

      Download

    • memory/2208-159-0x0000000000400000-0x000000000046B000-memory.dmp

      Filesize

      428KB

      Download

    • memory/4368-51-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-56-0x0000000073E20000-0x0000000073F44000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4368-25-0x00000000761A0000-0x000000007621A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/4368-27-0x00000000761A0000-0x000000007621A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/4368-26-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-28-0x0000000075980000-0x00000000759A5000-memory.dmp

      Filesize

      148KB

      Download

    • memory/4368-29-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-30-0x00000000761A0000-0x000000007621A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/4368-31-0x0000000075980000-0x00000000759A5000-memory.dmp

      Filesize

      148KB

      Download

    • memory/4368-32-0x0000000073FE0000-0x0000000074010000-memory.dmp

      Filesize

      192KB

      Download

    • memory/4368-34-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-36-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-37-0x0000000073E20000-0x0000000073F44000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4368-35-0x0000000075980000-0x00000000759A5000-memory.dmp

      Filesize

      148KB

      Download

    • memory/4368-39-0x0000000075B10000-0x0000000075BF3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/4368-40-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/4368-38-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-33-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-42-0x0000000075530000-0x00000000755DF000-memory.dmp

      Filesize

      700KB

      Download

    • memory/4368-41-0x0000000076300000-0x00000000768B3000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4368-44-0x0000000075730000-0x000000007580C000-memory.dmp

      Filesize

      880KB

      Download

    • memory/4368-43-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-45-0x0000000075B10000-0x0000000075BF3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/4368-47-0x0000000076300000-0x00000000768B3000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4368-46-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/4368-49-0x0000000074C60000-0x0000000074CD4000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4368-48-0x0000000075530000-0x00000000755DF000-memory.dmp

      Filesize

      700KB

      Download

    • memory/4368-22-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-50-0x0000000073E20000-0x0000000073F44000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4368-52-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/4368-53-0x0000000076300000-0x00000000768B3000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4368-54-0x0000000075530000-0x00000000755DF000-memory.dmp

      Filesize

      700KB

      Download

    • memory/4368-55-0x0000000074C60000-0x0000000074CD4000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4368-24-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-58-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/4368-57-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-59-0x0000000076300000-0x00000000768B3000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4368-60-0x0000000075530000-0x00000000755DF000-memory.dmp

      Filesize

      700KB

      Download

    • memory/4368-61-0x0000000075980000-0x00000000759A5000-memory.dmp

      Filesize

      148KB

      Download

    • memory/4368-62-0x0000000074C60000-0x0000000074CD4000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4368-63-0x0000000073E20000-0x0000000073F44000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4368-64-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-66-0x0000000076300000-0x00000000768B3000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4368-65-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/4368-67-0x0000000075530000-0x00000000755DF000-memory.dmp

      Filesize

      700KB

      Download

    • memory/4368-68-0x0000000074C60000-0x0000000074CD4000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4368-69-0x0000000073E20000-0x0000000073F44000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4368-70-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-71-0x0000000075730000-0x000000007580C000-memory.dmp

      Filesize

      880KB

      Download

    • memory/4368-72-0x0000000075B10000-0x0000000075BF3000-memory.dmp

      Filesize

      908KB

      Download

    • memory/4368-73-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/4368-74-0x0000000076300000-0x00000000768B3000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4368-75-0x0000000075530000-0x00000000755DF000-memory.dmp

      Filesize

      700KB

      Download

    • memory/4368-76-0x0000000074C60000-0x0000000074CD4000-memory.dmp

      Filesize

      464KB

      Download

    • memory/4368-77-0x0000000073E20000-0x0000000073F44000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4368-78-0x0000000010000000-0x0000000010060000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4368-79-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/4368-23-0x00000000761A0000-0x000000007621A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/4368-80-0x0000000076300000-0x00000000768B3000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/4368-161-0x0000000000630000-0x0000000000631000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4368-163-0x00000000032F0000-0x0000000003307000-memory.dmp

      Filesize

      92KB

      Download

    • memory/4368-21-0x00000000761A0000-0x000000007621A000-memory.dmp

      Filesize

      488KB

      Download

    • memory/4368-13-0x00000000032F0000-0x0000000003307000-memory.dmp

      Filesize

      92KB

      Download

    • memory/4368-14-0x0000000073DD0000-0x0000000073E14000-memory.dmp

      Filesize

      272KB

      Download

    • memory/4368-5-0x0000000000630000-0x0000000000631000-memory.dmp

      Filesize

      4KB

      Download